You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Granted, I was doing something earlier today I shouldn't of been doing and that was looking for torrents for a software.
I spent a couple hours looking and even downloaded lime wire. I got tired and found a website that had the actual program for cheap.
I just exited out of all the websites I was looking at. I did a lot more looking and reading then downloading but I did downloaded 2 or 3 things in that time period that didn't work so i just deleted them.
About 10 or 15 minutes later I try to run my Spybot - Search and Destroy and it wouldn't open so I tried opening my Symantec AntiVirus and that wouldnt open either. Or It would open for a second and exit out.

I was downloading something in limewire but canceled it at 83%.

So I thought maybe re-install them. I go to google and if i type anything virus protection, scanner, spybot, Symantec AntiVirus related words my Firefox or IE just exists out.
I cant download, search or click any link containing these various words. So i cant even do a scan to see what I have.
For instance I went to download.com and couldnt download any of the free virus scanners.

I havent run my virus scanners lately but Im pretty sure it was from what I did today. My computer was acting weird yesterday but I was just watching movies online.

So i really dont know what to do from here. If anyone has anything in mind that would be great,
thank you in advance.

After running VundoFix, a text file named vundofix.txt will have automatically been saved to the root of the system drive, usually at C:\vundofix.txt. Please copy & paste the contents of that text file into your next reply.

Then perform an Online Virus Scan like BitDefender.(These require Internet Explorer to work. Watch the Address bar in IE. You may receive alerts that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component. If given the option, choose "Quarantine" instead of delete.)

Hello,thank you for the response,Unfortunately, I don't know what this means exactly Note: If you were using a custom Hosts file you will need to replace any of those entries yourself. I am guessing it had something to do with why HostsXpert did not work.

I ran Vundofix but it didn't find anything. This was in the file.

VundoFix V6.7.7Checking Java version...Java version is 1.5.0.6Old versions of java are exploitable and should be removed.Scan started at 5:42:03 PM 2/1/2008Listing files found while scanning....No infected files were found.Beginning removal...

VirtumundoBeGone wouldn't work for me. So I couldn't do there second option.

I then did BitDefender, which deleted some files but I still cant open any of my scanners.

There are no shortcuts or guarantees when it comes to malware removal. Sometimes it takes several efforts with different tools to do the job. Even then, with some types of malware infections, the task can be arduous. In some instances an infection may have caused so much damage to your system that it cannot be successfully cleaned or repaired. In those cases, recovery is not possible and the only option is to reformat/reinstall the OS.

Some types of malware will disable your anti-virus and contaminate A HOSTS file to prevent access to valid security web sites. HostsXpert can remove these hosts file mappings and restore them to defaults so you can access those sites again. It will not remove the infection but doing that may allow you access again.

Your Java version is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system but you can update later.

Please download SDFix by AndyManchesta and save it to your desktop.alternate zipped versionWhen using this tool, you must use the Administrator's account or an account with "Administrative rights"

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with SDFix or remove some of its embedded files which may cause "unpredictable results".

Click on this link to see a list of programs that should be disabled. The list is not all inclusive.

Disconnect from the Internet before running SDFix.

Double click SDFix.exe and it will extract the files to %systemdrive%

(this is the drive that contains the Windows Directory, typically C:\SDFix).

DO NOT use it just yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double click RunThis.bat to start the script.

Type Y to begin the cleanup process.

It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.

Press any Key and it will restart the PC.

When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.

Once the desktop icons load, the SDFix report will open on screen and also save a copy into the SDFix folder as Report.txt.

Copy and paste the contents of Report.txt in your next reply.

Be sure to re-enable your anti-virus and other security programs before connecting to the Internet.

-- If this error message is displayed when running SDFix: "The command prompt has been disabled by your administrator. Press any key to continue..."Please go to Start Menu > Run > and copy/paste the following line:%systemdrive%\SDFix\apps\swreg IMPORT %systemdrive%\SDFix\apps\Enable_Command_Prompt.regPress Ok and then run SDFix again.

-- If the Command Prompt window flashes on then off again on XP or Win 2000, please go to Start Menu > Run > and copy/paste the following line:%systemdrive%\SDFix\apps\FixPath.exe /QReboot and then run SDFix again.

This issue will require further investigation and probably the use of more powerful tools than we recommend in this forum. Before that can be done you will need you to create and post a hijackthis log.

Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". You may have performed some of these steps already. If you can't perform a step, then skip and continue with the next. In step #9 there are instructions for downloading HijackThis and creating a log. (This is a self-extracting version which will automatically install the current version of HJT in the proper location.) If using Windows Vista, be sure to Run As Administrator.

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate if you post a link to your log back here so we know that your getting help from the HJT Team.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that and when the Save logfile window opens, use the drop down box to save the log in the same folder as Hijackthis. At the bottom make sure the File name is hijackthis.log and Save as type: Log files (*.log).

In the Hijackthis log, go to the top menu, click on "Format" and UNcheck "Word Wrap" if checked.

Then click "Edit" > Select All > "Edit" again and "Copy" to copy the entire contents of the log and paste it into a new topic in the HijackThis Logs and Malware Removal forum, NOT here.

Post the log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information.

Note: The "Analyze This" (Upload to TrendSecure) button is for use by TrendMicro to collect data and does NOT mean "Analyze My Log". You will need to post your log in the HijackThis forum.

If HijackThis will not run, try renaming it. Open the HijackThis Folder, right-click on the HijackThis.exe file and rename itScanner.exe. Double-click on Scanner.exe (which is still HijackThis) and then run your scan. If needed, change the .exe to something else such as .bat, .com, .pif, or .scr. Example: Scanner.bat or Scanner.com

Hello,
I am really sorry. I wish I was better at this but all i got was a .php file that I had to rename in order to open and I can't get to HijackThis Logs and Malware Removal forum either in the directions.
I have a feeling I can add the words Hijack this to the other list of words I can't use.

I completely understand if getting this removed take a while but If i can't do this Hijack This, would i even be able to hire someone?

You don't have to apologize, we've all been there and can understand your frustration.

Carefully follow quietman7's instructions to rename HijackThis.

If HijackThis will not run, try renaming it. Open the HijackThis Folder, right-click on the HijackThis.exe file and rename it Scanner.exe. Double-click on Scanner.exe (which is still HijackThis) and then run your scan. If needed, change the .exe to something else such as .bat, .com, .pif, or .scr. Example: Scanner.bat or Scanner.com

Then click "Edit" > Select All > "Edit" again and "Copy" to copy the entire contents of the log and paste it into a new topic in the HijackThis Logs and Malware Removal forum.

If you are successful at creating a log you may have to rename the log itself as something other than hijackthis.log. If you can't get to the HJT forum you can post it here and we will move it for you. However, if you can't access that forum, then that may not be an option. As an alternative you could save the log to a usb stick and post it while using another computer.

Hello,
Thank you TMack but I cant find the folder? On the first line is says to download HijackThis Installer, I cant click it. All i can do it left click save link which gives me a hijackthis-installer.php file. And then in order for me to open that I had to rename it. So i dont know of a folder nor the HjTInstall.exe

I forgot I could use a USB drive to get to the forum. Thank you. But as far as this downloading goes do I have to do that on this computer? No transferring?